nanog mailing list archives
Re: Gmail and SSL
From: William Herrin <bill () herrin us>
Date: Wed, 2 Jan 2013 17:27:06 -0500
On Wed, Jan 2, 2013 at 3:10 PM, George Herbert <george.herbert () gmail com> wrote:
> On Wed, Jan 2, 2013 at 11:36 AM, William Herrin <bill () herrin us> wrote:
>> Communications using a key signed by a trusted third party suffer such attacks only with extraordinary difficulty on the part of the attacker. It's purely a technical matter.
>
> While I agree with your general characterization of MIIM, the "extraordinary difficulty" here is not supported.

AFAICT someone finds a way to get themselves a certificate for a domain they don't control every couple years or so. The hole is promptly plugged (and the certs revoked) before much actually happens as a result. Has your experience been different?

Are you, at this moment, able to acquire a falsely signed certificate for www.herrin.us that my web browser will accept?

You're right that false certificates have been issued in the past. You're right that false certificates will be issued again in the future. No security apparatus is 100% effective. But if despite your resources you in particular can't make it happen in a timely manner, that's a meaningful barrier to mounting a man-in-the-middle attack against someone using properly signed certificates.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004